Solved: Best Practice for Management VLan and/or Loopback interface

zak.humphries · ‎05-09-2011

Sorry if this is a silly question im still learning my way around the Cisco world...

I have been looking over some of our existing switch configurations after I was asked to provision a couple of new 3560's in a remote site. Some of our switches have a dedicated management VLan and some of them have a loopback interface configured on the same subnet as the management VLan. (I think all the switches have been setup by different people).

Can any advise me on the best practice (and if willing) the reasons why I would one over the other.

Thanks in advance.

Zak

chandu.84 · ‎05-09-2011

The loopback interface provides a stable address for protocols (eg BGP, Telnet) to use so that they can avoid any impact if a physical interface goes down.The loopback interface is not associated with any particular vlan, it's local to the device itself as an "internal" interface that needs to

be routed to (within the device), to reach it.

best way to implement this is :

Set it up with a /32 netmask on each device, allocate them in an ordinal fashion in the same classful network that doesn't overlap with any of

your existing network ranges. Each device will need to route the assigned /32 address to the loopback interface, you will need some form

of static or dynamic route to do this. A dynamic routing protocol is best as you'll end up going mad adding dozens of /32 static routes

throughout your network

What's the best practice for switches management -

Create separate management VLAN, do trunks between all switches, and assign all switches management interface to this VLAN.

There are many uses,, these are main ones,, i thnk

View solution in original post

Julio E. Moisa · ‎05-09-2011

I recommend create a vlan in order to manage your switches, you can use interface-vlan.

configuration example:

1) create a MGNT vlan:

conf t

vlan x

name MGNT

exit

2) create a Interface-vlan

conf t

interface vlan x (same vlan of step 1)

ip address x.x.x.x subnet-mask

description MGNT

shutdown

no shutdown

exit

3) configure the default gateway (only for 2 layer switches)

conf t

ip default-gateway (default gateway of vlan x)

exit

Optional:

You can configure the vlan x as native vlan on the trunks interfaces.

For a remote branch you can use other "vlan x"... try to have a specific vlan for management on the switches.

For example:

MGNT addresses:

Vlan 101 - network 10.10.10.0/24

Switch 1: IP 10.10.10.2/24

Switch 2: IP 10.10.10.3/24

Switch 3: IP 10.10.10.4/24

.

For 3 layer switches i can recommend to use loopback addresses. (if you are routing traffic)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

chandu.84 · ‎05-09-2011

The loopback interface provides a stable address for protocols (eg BGP, Telnet) to use so that they can avoid any impact if a physical interface goes down.The loopback interface is not associated with any particular vlan, it's local to the device itself as an "internal" interface that needs to

be routed to (within the device), to reach it.

best way to implement this is :

Set it up with a /32 netmask on each device, allocate them in an ordinal fashion in the same classful network that doesn't overlap with any of

your existing network ranges. Each device will need to route the assigned /32 address to the loopback interface, you will need some form

of static or dynamic route to do this. A dynamic routing protocol is best as you'll end up going mad adding dozens of /32 static routes

throughout your network

What's the best practice for switches management -

Create separate management VLAN, do trunks between all switches, and assign all switches management interface to this VLAN.

There are many uses,, these are main ones,, i thnk

Julio E. Moisa · ‎05-09-2011

I recommend create a vlan in order to manage your switches, you can use interface-vlan.

configuration example:

1) create a MGNT vlan:

conf t

vlan x

name MGNT

exit

2) create a Interface-vlan

conf t

interface vlan x (same vlan of step 1)

ip address x.x.x.x subnet-mask

description MGNT

shutdown

no shutdown

exit

3) configure the default gateway (only for 2 layer switches)

conf t

ip default-gateway (default gateway of vlan x)

exit

Optional:

You can configure the vlan x as native vlan on the trunks interfaces.

For a remote branch you can use other "vlan x"... try to have a specific vlan for management on the switches.

For example:

MGNT addresses:

Vlan 101 - network 10.10.10.0/24

Switch 1: IP 10.10.10.2/24

Switch 2: IP 10.10.10.3/24

Switch 3: IP 10.10.10.4/24

.

For 3 layer switches i can recommend to use loopback addresses. (if you are routing traffic)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

zak.humphries · ‎05-10-2011

Thanks very much for your input. We only have a baby network so we dont play with routing protocols (unlucky for me really ) I thin kthe management VLan is the root we will take.

Cheers again

Zak

Julio E. Moisa · ‎05-10-2011

Welcome !

If you need something please let us know.

Good luck

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<